Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
0
Helpful
3
Replies

ASA5520 Failing over

rjordan63
Level 1
Level 1

‎07-27-2010 02:14 PM - edited ‎03-11-2019 11:17 AM

I have two ASA5520 devices running version 8.2(2)16. They are in active/standby mode. This issue is not happening all the time but the devices are failing over and I have worked with Cisco TAC on this but was not able to uncover the issue. Under the "sho failover history" it shows reason of "HELLO not heard from mate". The Cisco tech had me upgrade IOS on both units and change out the cables on the management ports but no luck. I have sent the crash logs to the tech also but still no luck on find why this is happing sometime and when I say sometimes it may be once to twice a week that it happens. Has anyone seen this happen to them and have a case number that they worked on this with a tech or notes on how they uncovered why this is happening?

Thank you

Labels:
0 Helpful
3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

‎07-27-2010 02:53 PM

If the units fail over because there is a crash then you need to have the engineer look at the decode of the crash and try to find out the crash reason.

Is the reason of the failover and the "No HELLO from mat" a crash?

PK

0 Helpful

rjordan63
Level 1
Level 1
In response to Panos Kampanakis

‎07-28-2010 07:25 AM

pkampana,

Thank you for the reply. The devices are not crashing in the sense of them going down or stopping communicating from what I can see. They will both be up and running fine and then will just failover and in the history the message “HELLO not heard from mate” will be the reason. Then a few days will go bye and they will failover again. After reading you message I now think that the tech was looking in the wrong place for the issue. He was always looking at the crash logs but the devices where not crashing. Not sure where to look now but any ideas would be a big help.

Thank you

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to rjordan63

‎07-28-2010 07:32 AM

If there was no reboot (up time in device will show it) then the crash files are irrelevant.

There could be reasons that we lost HELLOs from mate, like network/switch issues connecting them, too much traffic on the failover interface, collision etc, or maybe high cpu on the ASAs so that they can't process the HELLOs. So, these might be worth of investigation. If there is no crash you need to focus on why HELLOs are lost. Fover debugs, failover interface captures can help.

I hope it helps directing you to next steps.

PK

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card